Cyber Security Strategist

The role of Chief Information Security Officer (CISO) is crucial to the protection of assets and data against evolving threats.

• Strategic Leadership: Develop and implement an overarching cybersecurity strategy, encompassing offensive and defensive security initiatives, aligned with business objectives.
• Team Management & Development: Lead, mentor, and manage teams, fostering a collaborative and high-performing environment.
• Offensive Security Operations: Oversee planning and execution of penetration testing, vulnerability assessments, and red team exercises to identify weaknesses in applications, systems, and networks.
• Defensive Security Operations: Manage and enhance security monitoring, incident response, and threat intelligence capabilities.
• Security Tooling & Technology Management: Oversee selection, implementation, and management of a comprehensive suite of security tools and technologies.
• Secure Development Lifecycle Integration: Champion and enforce secure coding practices and security integration throughout the software development lifecycle.
• Threat Modeling & Risk Assessment: Lead and participate in threat modeling exercises for applications and infrastructure.
• Vulnerability Management: Develop and maintain a comprehensive vulnerability management program spanning applications and infrastructure.
• Incident Response Management: Collaborate with the incident response team and provide leadership in investigating and responding to security incidents.
• Security Code Reviews & Architecture Guidance: Lead and guide security code reviews to analyze and assess the security posture of application code.
• Compliance & Governance: Drive implementation and maintenance of ISO 27001 and PCI DSS compliance frameworks across both application and infrastructure security domains.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum of 5 years of progressive experience in cybersecurity roles.
• Mandatory hands-on experience with at least one of the following: Penetration testing frameworks, vulnerability scanners, SIEM platforms, EDR solutions, intrusion detection/prevention systems, and threat intelligence platforms.